Membermouse < 2.2.9 - Blind SQL Injection



Description
Note: It seems like the affected plugin is the premium version (from https://membermouse.com), the free one has been closed as of v1.2.0

Affects Plugin

fixed in version 2.2.9
- plugin closed

References

CVE 2018-11309
URL https://blog.riccardoancarani.it/cve-2018-11309-blind-sql-injection-in-membermouse-plugin/

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Views 2434
Verified No
WPVDB ID 9601

Timeline

Publicly Published 2018-05-27 (about 2 years ago)
Added 2019-08-22 (10 months ago)
Last Updated 2019-11-28 (6 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin